can the claim be proven?
I can't think of any way to prove you've deleted something. You can prove that you have something, but you can't prove that you don't have it. See the philosophical
burden of proof:
to know that a X does not exist would require a perfect knowledge of all things
And even if a server would be audited, that doesn't guarantee it doesn't get changed later.
Correct, right now there is no way for us to prove this claim. As soon as we transition to the zk-SNARK based Note system it will be provably impossible for us to log any information but until then you have to take our word for it.
What is more important to the Anonymity set, the number of deposits or the total amount? if I understood correctly it's both, but according to what I understand from the "Anonymity Mining campaign" the goal is to increase the number of deposits only -- simply because when the 10,000 deposits number is reached there will be no incentives for people to keep their funds in the pool, so you would end up with 10k deposits and maybe next to nothing of BTC in the pool.
The reason why I ask is that I think there could be "easier" and probably "cheaper" ways to create those deposits if the only result required is a certain number of deposits, I understand that the pro of doing the Anonymity Mining campaign is that it would increase the level of trust since a mixer that ones had 1000 BTC and did not exit scam is unlikely to do so when they have 500 BTC.
Both are equally important. It's a
very big difference between 2 Anonymity sets with 10,000 deposits each made up of the following numbers:
Pool A: 5,000 x 0.001
BTC | 4,000 x 0.01
BTC | 500 x 0.1
BTC | 500 x 1
BTCPool B: 2,000 x 0.001
BTC | 2,000 x 0.01
BTC | 2,000 x 0.1
BTC | 2,000 x 1
BTC | 2,000 x 10
BTCWhile Pool A's Anonymity Set would be secure enough for a 0.01
BTC deposit that is withdrawn immediately, it wouldn't be the same if the same situation happened with 10
BTC instead of 0.01 . On the other hand a 10
BTC deposit in Pool B could be withdrawn immediately without anything looking 'out of the ordinary'.
We agree it would be better if the Anonymity Mining campaign would include other conditions besides the 10,000 deposits, such as out of those 10,000 there should be a minimum of 500 over 0.5
BTC, 500 over 1
BTC and 500 over 5
BTC. We decided not to impose these 'limits' because we assumed 10,000 deposits is a big enough number and people would deposit varied enough amounts regardless if we ask for it or not, but we may be wrong. What's your opinion on this?
As much as people don't want to hear it, 'anonymity' and more generally 'mixing' on Bitcoin are all about math and probabilities. Bitcoin is a public ledger available for anyone to review forever, now and at any point in the future. Keeping this in mind the
only way to offer
real anonymity is to have a scalable system, otherwise there are 0 reasons to use a centralized solution as opposed to Coinjoining yourself. Why would risk the operator stealing your funds, no matter how trusted he is, when you can get better privacy in a decentralized way? The
only reason to ever use a centralized solution over a decentralized one should be if the centralized one offers exponentially better privacy.
We built Whirlwind because there is no other solution available that has the potential to stand the test of time. Think about any of our competitors and consider that
all their addresses/clusters will be known in the future (if they are not already). Since there is a limit imposed on the delay, number of output addresses and fees, and there is no possibility to combine 2 deposits into a bigger output we strongly believe that anyone reviewing the flows will be able to deanonymize most if not all their users with relative ease.
On the other hand Whirlwind will only become stronger as time goes on thanks to the system it's based on, not weaker. Once we have a big enough Anonymity Set (something that is not possible for our competitors since their systems are fundamentally flawed and don't scale) there is simply no way to deanonymize users with certainty unless the user himself connects the transactions by using the same addresses or other similar mistakes.
Does the above make sense to you? If you have any questions or something is not clear enough please do not hesitate to ask. We will post a comparison with more details in the response to @fillippone question in this thread:
https://bitcointalk.org/index.php?topic=5444933.80 .
The number of deposits is more important than the amount of bitcoins. If it was all about the amount Whirlwind could easily do it themselves by adding xx BTC to the pool.
Not saying the amount is useless but the main point is to have many deposits, but also of different sizes, to make the system more effective
We could and we will add more
BTC ourselves but in order for this to be effective and not just an obvious sybil attack where we give users the false impression of a big Anonymity Set when in fact it's not, we need to add our reserve gradually blended with other real users deposits. We would rather take the time to do this the right way and not worry about anything coming back to bite us later.
The amount of
BTC held in the multi-sig is not that relevant since we could add that ourselves, but it's
very important that higher amount transactions happen (even if they are just deposits followed by a withdraw 1 hour later). Basically volume is more important than the multi-sig balance.
Of course, I could be wrong, this is just based on my understanding of how the multi-sig pool works, I hope to get more clearance and corrections of the different pool examples I posted above.
If we assume that you make a single 0.5
BTC deposit and then withdraw 0.5
BTC in one output then you are right with everything you said.
If we assume you make 5 x 0.1
BTC withdrawals to different addresses that won't be connected afterwards then Pool D is almost the same with Pool B (assuming your 0.5
BTC are already included in the figures you showed), the only difference being that in Pool B case you know for a fact that the outputs originated from at least 2 deposits while in Pool D case you can't know that.